AI gateway compromise raises cloud security concerns
🔒 Researchers report an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock was compromised and used to deploy XMRig cryptomining malware. The intrusion highlights risk from AI gateways that centralize identities, permissions, and model access, making them high-value targets. Analysts observed SSH exposure, probable brute-force attempts, and suspicious IAM activity tied to model enumeration and persistence efforts. Darktrace assisted in timely detection and containment while urging tighter controls and telemetry correlation.
